Related vulnerabilities
Description
Multi-host, multi-port scanner and auditor for CVE-2025-6543-affected NetScaler devices. Supports SNMP and SSH enumeration with optional CSV reporting and exploit stubs.
Introduction
# CVE-2025-6543_CitrixNetScaler_PoC
# CVE-2025-6543 Enhanced Checker
A robust multi-host, multi-port vulnerability scanner for **CVE-2025-6543**, targeting Citrix NetScaler appliances. This tool supports both SNMP and SSH banner grabbing to determine build versions and patch status. Includes optional CSV output and a stub for future exploit integration.
## ⚙️ Features
- ✅ Multi-host and multi-port scanning
- ✅ SNMP and SSH version enumeration
- ✅ Build/version parsing logic with patch baseline comparison
- ✅ Progress bar support via `tqdm`
- ✅ Export results to CSV
- ⚠️ Stub for exploit probe
---
## 📦 Requirements
- Python 3.6+
- `tqdm` (optional, for progress bar)
- `snmpget` (in the `snmp` package on Debian/Ubuntu, `net-snmp-utils` on RHEL/Fedora)
- `sshpass` for password-based SSH access
### Install dependencies on Debian/Ubuntu:
```bash
sudo apt update
# snmpget ships in the "snmp" package on Debian/Ubuntu
sudo apt install -y snmp sshpass python3-pip
pip3 install tqdm
```
---
## 🚀 Usage
```bash
python3 cve_2025_6543_checker.py [OPTIONS]
```
### 🔹 Input Options
**Required**: either provide a host list or a file:
* `-H HOST [HOST ...]` – Space-separated list of IPs/FQDNs
* `-f FILE` – File with one host per line
**Required**: either provide a port or a file:
* `-p PORT` – Single TCP port
* `-P FILE` – File with one port per line
### 🔹 Connection Options
* `--no-snmp` – Disable SNMP scanning
* `-c STRING` – SNMP community string (default: `public`)
* `--ssh-user USER` – SSH username
* `--ssh-pass PASS` – SSH password (given as a command-line argument, so it is visible in shell history and the process list)
### 🔹 Output & Exploitation
* `-o FILE` – Save results to CSV
* `-x` – Run exploit probe (currently stubbed)
### 🔹 Debugging
* `-v` – Verbose output for debugging and banner grabs
---
## 📘 Example Usages
### Scan multiple hosts on one port:
```bash
python3 cve_2025_6543_checker.py -H 192.168.1.10 192.168.1.11 -p 161
```
### Scan from host and port files with SSH fallback:
```bash
python3 cve_2025_6543_checker.py -f hosts.txt -P ports.txt \
--ssh-user admin --ssh-pass password123 -o results.csv
```
### Disable SNMP and force SSH-only scanning:
```bash
python3 cve_2025_6543_checker.py -H 10.10.10.1 -p 22 \
--no-snmp --ssh-user root --ssh-pass changeme
```
---
## 📝 Output Format (CSV)
If `-o` is used, the output file will include:
```
host,port,branch,build,state
192.168.1.10,22,13.1,57.16,VULNERABLE ⚠️
```
---
## 🔒 About CVE-2025-6543
This vulnerability affects certain builds of Citrix NetScaler ADC/VPX appliances. The tool checks for known patched versions and flags devices that are potentially vulnerable based on build signatures. The included banner parsing logic supports various formats and tags (e.g., FIPS, NDCPP).
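The version parsing and patch-baseline comparison described above can be sketched as follows. This is an added example, not code from the repository: the banner shape, the names `parse_banner`, `classify` and `SAMPLE_BASELINE`, and the baseline builds are assumptions constructed for illustration, so take the real fixed builds from the vendor bulletin.

```python
import re

# Assumed banner shape (not taken from the project):
# "NS<branch>: Build <major>.<minor>", optionally with an edition tag (FIPS, NDCPP).
BANNER_RE = re.compile(
    r"NS(?P<branch>\d+\.\d+)\D+?Build\s+(?P<major>\d+)\.(?P<minor>\d+)", re.I)
TAG_RE = re.compile(r"\b(FIPS|NDCPP)\b", re.I)

# CONSTRUCTED placeholder baselines: first fixed build per (branch, edition).
# Replace with the values from the vendor bulletin before relying on results.
SAMPLE_BASELINE = {
    ("13.1", "STANDARD"): (60, 0),
    ("13.1", "FIPS"): (38, 0),
    ("13.1", "NDCPP"): (38, 0),
}

def parse_banner(banner):
    """Return (branch, (major, minor), edition), or None if no version is found."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    tag = TAG_RE.search(banner)
    edition = tag.group(1).upper() if tag else "STANDARD"
    build = (int(m.group("major")), int(m.group("minor")))
    return m.group("branch"), build, edition

def classify(banner, baseline=SAMPLE_BASELINE):
    """Map a banner to PATCHED / VULNERABLE / UNKNOWN against a baseline table."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "UNKNOWN"      # no version seen: never report this as patched
    branch, build, edition = parsed
    fixed = baseline.get((branch, edition))
    if fixed is None:
        return "UNKNOWN"      # branch/edition missing from the table
    # Integer tuples compare per field, so 57.9 sorts below 57.16;
    # comparing the raw strings would get that wrong.
    return "PATCHED" if build >= fixed else "VULNERABLE"

if __name__ == "__main__":
    samples = [                                   # constructed sample banners
        "NetScaler NS13.1: Build 57.16.nc",
        "NetScaler NS13.1: Build 60.2.nc",
        "NetScaler NS13.1-FIPS: Build 37.9.nc",
        "OpenSSH_8.4",
    ]
    for b in samples:
        print(f"{b!r:45} -> {classify(b)}")
```

Unparseable banners and branches missing from the table come back as `UNKNOWN` rather than `PATCHED`, so a failed banner grab cannot be read as a clean result.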
---
## ⚠️ Disclaimer
This tool is for **educational and authorized security testing** only. Unauthorized use against systems you do not own or have explicit permission to test is illegal and unethical.
---
## 📌 TODO
* Implement real exploit logic in `exploit_probe()`
* Add TLS/HTTPS banner scraping fallback
* Implement JSON and XML output options
File snapshot
[4.0K] /data/pocs/05b789ae09301cd2482c3548de4649865fbe81f2
├── [6.7K] cve_2025_6543_checker.py
├── [1.0K] LICENSE
└── [3.4K] README.md
0 directories, 3 files